Agenda: 6.11_static_routing_lab.txt

File 6.11_static_routing_lab.txt, 21.1 KB (added by skiden, 5 years ago)
Line 
1Static Routing Lab
2==================
3
4Accessing the routers
5---------------------
6
7The overall architecture and the full address plan can be found in the [IP
8Address Plan](<0.72_ip_address_plan.md>).
9
10See the [Layer 2 Network Design Lab](<1.31_layer_2_network_design_lab.md>) for
11details of how to login. The routers have the same username and passwords as the
12switches.
13
14The console details are:
15
16| **Router Name** | **Console**                |
17|-----------------|----------------------------|
18| r1-bdr-campus1  | telnet s1.ws.nsrc.org 2101 |
19| r1-bdr-campus2  | telnet s1.ws.nsrc.org 2201 |
20| r1-bdr-campus3  | telnet s1.ws.nsrc.org 2301 |
21| r1-bdr-campus4  | telnet s1.ws.nsrc.org 2401 |
22| r1-bdr-campus5  | telnet s1.ws.nsrc.org 2501 |
23| r1-bdr-campus6  | telnet s1.ws.nsrc.org 2601 |
24| r1-core-campus1 | telnet s1.ws.nsrc.org 2102 |
25| r1-core-campus2 | telnet s1.ws.nsrc.org 2202 |
26| r1-core-campus3 | telnet s1.ws.nsrc.org 2302 |
27| r1-core-campus4 | telnet s1.ws.nsrc.org 2402 |
28| r1-core-campus5 | telnet s1.ws.nsrc.org 2502 |
29| r1-core-campus6 | telnet s1.ws.nsrc.org 2602 |
30
31Basic Router Configuration
32--------------------------
33
34 
35
36![](<../../diagrams/cnd-campus-lag-int.png>)
37
38Our campus network consists of two routers, r1-bdr-campusX and r1-core-campusX
39as well as six switches that we've already configured.
40
41The following table shows the connections between each device in the campus:
42
43| **Device**      | **Interface**    | **Remote Device** | **Remote Interface** |
44|-----------------|------------------|-------------------|----------------------|
45| sd1-bN-campusX  | FastEthernet1/12 | se1-bN-campusX    | FastEthernet1/14     |
46|                 | FastEthernet1/13 | se1-bN-campusX    | FastEthernet1/15     |
47|                 | FastEthernet1/14 | se2-bN-campusX    | FastEthernet1/15     |
48| r1-core-campusX | FastEthernet0/0  | r1-bdr-campusX    | FastEthernet0/1      |
49|                 | FastEthernet0/1  | sd1-b1-campusX    | FastEthernet1/15     |
50|                 | FastEthernet1/0  | sd1-b2-campusX    | FastEthernet1/15     |
51|                 | FastEthernet1/1  | pc1-campusX       |                      |
52
53### Hostname
54
55Your routers should be given a basic configuration as follows:
56
57~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
58Router> enable
59Router# config terminal
60Enter configuration commands, one per line. End with CNTL/Z.
61Router(config)# hostname r1-bdr-campusX
62r1-bdr-campusX(config)#
63~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
64
65### Turn Off Domain Name Lookups
66
67Cisco devices will always try to look up the DNS for any name or address
68specified in the command line. You can see this when doing a trace on a router
69with no DNS server or a DNS server with no in-addr.arpa entries for the IP
70addresses. We will turn this lookup off for the labs for the time being to speed
71up traceroutes.
72
73~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
74r1-bdr-campusX (config)# no ip domain-lookup
75~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
76
77### Configure console and other ports
78
79~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
80r1-bdr-campusX (config)# line con 0
81r1-bdr-campusX (config-line)# transport preferred none
82r1-bdr-campusX (config-line)# line vty 0 4
83r1-bdr-campusX (config-line)# transport preferred none
84~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
85
86### Usernames and Passwords
87
88All router usernames should be **cndlab** and all passwords should be
89**lab-PW**. Please do not change the username or password to anything else, or
90leave the password unconfigured (access to vty ports is not possible if no
91password is set). It is essential for a smooth operating lab that all
92participants have access to all routers.
93
94~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
95r1-bdr-campusX (config)# username cndlab secret lab-PW
96r1-bdr-campusX (config)# enable secret lab-PW
97r1-bdr-campusX (config)# service password-encryption
98~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
99
100The service password-encryption directive tells the router to encrypt all
101passwords stored in the router’s configuration (apart from enable secret which
102is already encrypted).
103
104**Note A:** There is the temptation to simply have a username of cisco and
105password of cisco as a lazy solution to the username/password problem. Under no
106circumstances must any service provider operator ever use easily guessable
107passwords as these on their live operational network.
108
109**IMPORTANT: This sentence cannot be emphasized enough. It is quite common for
110attackers to gain access to networks simply because operators have used familiar
111or easily guessed passwords.**
112
113**Note B:** for IOS releases prior to 12.3, the username/secret pair is not
114available, and operators will have to configure username/password instead. The
115latter format uses type-7 encryption, whereas the former is the more secure md5
116based encryption.
117
118### Enabling login access for other machines
119
120In order to let you telnet into your router in future modules of this workshop,
121you need to configure a password for all virtual terminal lines.
122
123~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
124r1-bdr-campusX (config)# aaa new-model
125r1-bdr-campusX (config)# aaa authentication login default local
126r1-bdr-campusX (config)# aaa authentication enable default enable
127~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
128
129This series of commands tells the router to look locally for standard user login
130(the username password pair set earlier), and to the locally configured enable
131secret for the enable login. By default, login will be enabled on all vtys for
132other teams to gain access.
133
134### Configure system logging
135
136A vital part of any Internet operational system is to record logs. The router by
137default will display system logs on the router console. However, this is
138undesirable for Internet operational routers, as the console is a 9600 baud
139connection, and can place a high processor interrupt load at the time of busy
140traffic on the network. However, the router logs can also be recorded into a
141buffer on the router – this takes no interrupt load and it also enables to
142operator to check the history of what events happened on the router. In a future
143module, the lab will configuration the router to send the log messages to a
144SYSLOG server.
145
146~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
147r1-bdr-campusX (config)# no logging console
148r1-bdr-campusX (config)# logging buffered 8192 debug
149~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
150
151which disables console logs and instead records all logs in a 8192 byte buffer
152set aside on the router. To see the contents of this internal logging buffer at
153any time, the command “show log” should be used at the command prompt.
154
155### Save the Configuration.
156
157With the basic configuration in place, save the configuration. To do this, exit
158from enable mode by typing “end” or “`<ctrl>` Z”, and at the command prompt
159enter “write memory”.
160
161~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
162r1-bdr-campusX(config)#^Z
163r1-bdr-campusX# write memory
164Building configuration...
165[OK]
166r1-bdr-campusX#
167~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
168
169It is highly recommended that the configuration is saved quite frequently to
170NVRAM. If the configuration is not saved to NVRAM, any changes made to the
171running configuration will be lost after a power cycle or virtual machine
172failure.
173
174Log off the router by typing *exit*, and then log back in again. Notice how the
175login sequence has changed, prompting for a “username” and “password” from the
176user. Note that at each checkpoint in the workshop, you should save the
177configuration to memory – remember that powering the router off will result in
178it reverting to the last saved configuration in NVRAM.
179
180 
181
182Configure the Core Router
183-------------------------
184
185### Configure interface to the Border router
186
187Make sure you change the X below to the correct value for your campus:
188
189~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
190interface FastEthernet0/0
191 description CAMPUS CORE to BORDER
192 ip address 100.68.X.2 255.255.255.240
193 ipv6 address 2001:db8:X:0::2/64
194 no ip redirects
195 no ip proxy-arp
196 no shutdown
197~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
198
199### Configure the Management VLAN interfaces
200
201In the VLAN lab we moved the Management address of the switches into a dedicated
202vlan for each building. We used vlan 41 in Building 1 and vlan 42 in Building 2.
203Now we'll configure our core router so that it can talk to these vlans (and the
204switches).
205
206On r1-core-campusX add the following for Building 1:
207
208~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
209interface FastEthernet0/1
210 no ip address
211 no shutdown
212!
213interface FastEthernet0/1.41
214 description Building 1 Management - vlan 41
215 encapsulation dot1Q 41
216 ip address 172.2X.0.1 255.255.255.240
217 ipv6 address 2001:db8:X:3::1/64
218 no ip redirects
219 no ip proxy-arp
220 no shutdown
221~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
222
223And for Building 2:
224
225~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
226interface FastEthernet0/1
227 no ip address
228 no shutdown
229!
230interface FastEthernet0/1.42
231 description Building 2 Management - vlan 42
232 encapsulatoin dot1Q 42
233 ip address 172.2X.0.17 255.255.255.240
234 ipv6 address 2001:db8:X:4::1/64
235 no ip redirects
236 no ip proxy-arp
237 no shutdown
238~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
239
240Exit config mode and save your changes!
241
242Test that you can ping all six switches from the core router. You should also
243test that you can ping the Building 1 switches from the Building 2 switches.
244
245### Configure the STAFF and STUDENT interfaces
246
247We've configured STAFF and STUDENT ports on our edge switches and any device
248plugged into those ports should be able to talk to others in the same vlan. If
249we want to allow those devices to get to the wider campus network and the
250Internet we need to add interfaces on the core router.
251
252For Building 1 we need to add:
253
254~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
255interface FastEthernet0/1.51
256 description Building 1 STAFF - vlan 51
257 encapsulation dot1Q 51
258 ip address 172.2X.51.1 255.255.255.0
259 ipv6 address 2001:db8:X:51::1/64
260 no ip redirects
261 no ip proxy-arp
262 no shutdown
263!
264interface FastEthernet0/1.61
265 description Building 1 STUDENT - vlan 61
266 encapsulation dot1Q 61
267 ip address 172.2X.61.1 255.255.255.0
268 ipv6 address 2001:db8:X:61::1/64
269 no ip redirects
270 no ip proxy-arp
271 no shutdown
272~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
273
274For Building 2 we need to add:
275
276~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
277interface FastEthernet0/1.52
278 description Building 2 STAFF - vlan 52
279 encapsulation dot1Q 52
280 ip address 172.2X.52.1 255.255.255.0
281 ipv6 address 2001:db8:X:52::1/64
282 no ip redirects
283 no ip proxy-arp
284 no shutdown
285!
286interface FastEthernet0/1.62
287 description Building 2 STUDENT - vlan 62
288 encapsulation dot1Q 62
289 ip address 172.2X.62.1 255.255.255.0
290 ipv6 address 2001:db8:X:62::1/64
291 no ip redirects
292 no ip proxy-arp
293 no shutdown
294~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
295
296If we had a real physical network, we'd be able to connect a device to the
297switch ports we set up earlier, configure an IP address and ping the router at
298this stage.
299
300### Configure the Network Management and Monitoring interface
301
302Our network management and monitoring server, pc1-campusX.ws.nsrc.org, is
303connected to FastEthernet1/1 on the core router. We'll configure the router,
304r1-core-campusX, so that we can start to use that server to manage and monitor
305our network:
306
307~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
308interface FastEthernet1/1
309 description Network Management and Monitoring
310 no switchport
311 ip address 100.68.X.129 255.255.255.240
312 ipv6 address 2001:db8:X:1::1/64
313 no ip redirects
314 no ip proxy-arp
315~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
316
317At this stage you should be able to ssh to pc1-campusX.ws.nsrc.org as sysadm and
318ping the core router on this address.
319
320If that works, try using telnet to connect to the router.
321
322### Set up SNMP access on the Core router
323
324Later in the week we're going to start using SNMP to manage the routers and
325switches. We'll add the necessary commands at this stage:
326
327~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
328access-list 99 permit 100.68.X.130
329!
330snmp-server community NetManage RO 99
331snmp ifmib ifindex persist
332~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
333
334The access-list only allows SNMP queries from the NMM server.
335
336If your router doesn't take the above snmp commands, try the following instead.
337Even though Cisco IOS is one operating system, the implementation details on
338different platforms can well be different:
339
340~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
341access-list 99 permit 100.68.X.130
342!
343snmp-server community NetManage RO 99
344snmp-server ifindex persist
345~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
346
347 
348
349Configure the Border Router
350---------------------------
351
352### Configure the NREN interface
353
354The full address plan for the lab can be found in the [IP Address
355Plan](<0.72_ip_address_plan.md>). Consult the address plan for the addresses of
356the point to point links between the Campus Border Router and the NREN Router.
357
358Make sure you change the **X** and **Y** below to the correct value from address
359plan mentioned above:
360
361~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
362interface FastEthernet0/0
363 description Link to NREN
364 ip address 100.68.0.Y 255.255.255.252
365 ipv6 address 2001:db8:0:X::1/127
366 no ip redirects
367 no ip proxy-arp
368 no shutdown
369~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
370
371Test that you can ping the NREN end of the link.
372
373### Configure the Core interface
374
375Make sure you change the **X** below to the correct value for your campus:
376
377~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
378interface FastEthernet0/1
379 description CAMPUS CORE
380 ip address 100.68.X.1 255.255.255.240
381 ipv6 address 2001:db8:X:0::1/64
382 no ip redirects
383 no ip proxy-arp
384 no shutdown
385~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
386
387Test that you can ping your Core router at the other end this link.
388
389### Set up SNMP access on the Border router
390
391Later in the week we're going to start using SNMP to manage the routers and
392switches. We'll add the necessary commands at this stage:
393
394~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
395access-list 99 permit 100.68.X.130
396!
397snmp-server community NetManage RO 99
398snmp ifmib ifindex persist
399~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
400
401The access-list only allows SNMP queries from the NMM server.
402
403If your router doesn't take the above snmp commands, try the following instead.
404Even though Cisco IOS is one operating system, the implementation details on
405different platforms can well be different:
406
407~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
408access-list 99 permit 100.68.X.130
409!
410snmp-server community NetManage RO 99
411snmp-server ifindex persist
412~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
413
414 
415
416Configure Static Routing
417------------------------
418
419At this stage you should be able to ping each of the devices in your campus
420network from their immediate neighbours. If you try to ping the Border router
421from one of the switches or the NMM server you'll have less success. We need to
422add some additional routing information to the routers so that we can pass
423packets successfully.
424
425Let's look at the routing information on the Core router:
426
427~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
428r1-core-campus1#sh ip route
429Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
430     D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
431     N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
432     E1 - OSPF external type 1, E2 - OSPF external type 2
433     i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
434     ia - IS-IS inter area, * - candidate default, U - per-user static route
435     o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
436     + - replicated route, % - next hop override
437
438Gateway of last resort is not set
439
440    100.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
441C        100.68.1.0/28 is directly connected, FastEthernet0/0
442L        100.68.1.2/32 is directly connected, FastEthernet0/0
443C        100.68.1.128/28 is directly connected, FastEthernet1/1
444L        100.68.1.129/32 is directly connected, FastEthernet1/1
445C        100.68.1.242/32 is directly connected, Loopback0
446    172.21.0.0/16 is variably subnetted, 4 subnets, 2 masks
447C        172.21.0.0/28 is directly connected, FastEthernet0/1.41
448L        172.21.0.1/32 is directly connected, FastEthernet0/1.41
449C        172.21.0.16/28 is directly connected, FastEthernet1/0.42
450L        172.21.0.17/32 is directly connected, FastEthernet1/0.42
451~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
452
453and on the Border router:
454
455~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
456r1-bdr-campus1>sh ip route
457Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
458     D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
459     N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
460     E1 - OSPF external type 1, E2 - OSPF external type 2
461     i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
462     ia - IS-IS inter area, * - candidate default, U - per-user static route
463     o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
464     + - replicated route, % - next hop override
465
466Gateway of last resort is not set
467
468  100.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
469C        100.68.0.0/30 is directly connected, FastEthernet0/0
470L        100.68.0.2/32 is directly connected, FastEthernet0/0
471C        100.68.1.0/28 is directly connected, FastEthernet0/1
472L        100.68.1.1/32 is directly connected, FastEthernet0/1
473~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
474
475Each of the routers knows about the **local** and **connected** networks but no
476other routes.
477
478What about IPv6? What routes do you see for IPv6 destinations? Is there a
479similarity with what you see for IPv4?
480
481### Turn on IPv6 Routing
482
483Cisco IOS routers have IPv6 Routing turned off by default. So while we can reach
484our directly attached neighbours, we cannot get anywhere beyond, nor can we turn
485on any IPv6 routing protocols. We now need to turn on IPv6 routing, and to do
486that we use the following command:
487
488~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
489ipv6 unicast-routing
490~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
491
492### Static routes on the Core router
493
494The Core router needs a default route added to it so that we can forward traffic
495from the Campus network to the wider Internet via the NREN. We add this route to
496send traffic to the border router:
497
498~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
499ip route 0.0.0.0 0.0.0.0 100.68.X.1
500ipv6 route ::/0 2001:db8:X:0::1
501~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
502
503### Static routes on the Border router
504
505The Border needs a default route added to it so that we can forward traffic from
506the Campus network to the wider Internet via the NREN. We add this route to send
507traffic to the NREN router:
508
509~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
510ip route 0.0.0.0 0.0.0.0 100.68.0.Y
511ipv6 route ::/0 2001:db8:0:X::0
512~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
513
514Choose the correct value for **X** and **Y** from the IP address tables we used
515when we set up the interface.
516
517**IMPORTANT: You have added a number of subnets on your core router and building
518switches for the NMM subnet and VLAN 41, 42, 51, 52, 61, 62. Your Border router
519needs to be able to send packets to those subnets.**
520
521Which networks should you add routes for?
522
523**HINT**: You need routes for all the IPv4 networks assigned to your Campus. See
524the [IP Address Plan](<0.72_ip_address_plan.md>) for details.
525
526**Add these routes.**
527
528### Testing the routing setup
529
530The two NREN routers are connected to the same workshop subnet as your laptops,
53110.10.0.0/24. They have the IPv4 addresses, 10.10.0.201 and 10.10.0.202.
532
533You should be able to ping these addresses from your Core router if your setup
534is correct. You should also be able to ping your Core router from your laptop.
535
536Now try pinging 8.8.8.8 - does this work?
537
538*Checkpoint: call an instructor and show them your working system.*